The invention relates to a method, a transmitter, and a receiver for the secure unidirectional transmission of a signal, making use of an asymmetric cryptography method.
Unidirectional transmissions of signals are used, for example, in remote control systems for the issue of a control command, since in these cases there is usually no response message required. Examples of such remote control systems are radio keys for the locking and unlocking of motor vehicles, wireless garage door openers, or remote control devices in the entertainment electronics sector. In addition to these, for example, status information such as temperature or tremors, is transferred unidirectionally by wireless sensors. Such unidirectional transmission is energy-saving, since only one single message is sent, and no connection needs to be established beforehand. As well as this, it is usually possible to do without a receiver part, which makes the systems concerned economical to manufacture.
With a unidirectional transmission, however, in most application situations there is a need for a secure transmission of the signals which is protected against manipulation. To provide secure unidirectional transmission, what is referred to as the KeeLoq protocol is known. In this protocol, a symmetrical key is used for the encryption of the transmitted signals. In a symmetrical encryption method, transmitters and receivers are provided with the same key, in order for the transmitter to be able to encrypt the message with this key and the receiver can decrypt it. In order to introduce a new transmitter to a receiver, it is therefore necessary, using a suitable method, for a specific symmetrical key to be agreed on between the transmitter and the receiver. In practice, such methods are used in which a symmetrical system key is stored at the receiver by the manufacturers. On the basis of a transmitter-specific item of information, such as a serial number, a transmitter-specific key can then be calculated by the receiver. To do this, the transmitter transmits, for example, in a learning phase, its serial number to the receiver, which thereupon, with the aid of the system key, determines the transmitter-specific key. On the transmitter side, the transmitter-specific key is already stored by the manufacturer. This means that, after this learning phase, both the transmitter and the receiver have a common key available to them, with which the messages can be encrypted and decrypted respectively.
A problem with such a method, however, is the fact that a system key is stored on each receiver. An attacker who is in possession of only one receiver can read out the system key and, with this knowledge, can reconstruct the keys of any transmitter at will.
With another method, in order to agree on a symmetrical key between transmitter and receiver, the transmitter key is transmitted unencrypted in a learning phase. This also incurs the risk, however, that an attacker can tap the transmitter key in a manipulated learning phase.
Apart from this, in both methods a learning phase must be run through, which is to be initiated by the user. This involves additional effort and expenditure for the user, with the result that the additionally required learning phase renders the methods described more prone to error and less user-friendly.
The documents by A. Menezes, P. van Oorschot, S. Vanstone: “Handbook of Applied Cryptography”, CRC Press, 1997, pages 385 to 435, and J. Clark, J. Jacob, “A Survey of Authentication Protocol Literature: Version 1.0”, 17 Nov. 1997, describe a unilateral authentication method between a transmitter and a receiver. Within the framework of this authentication, a time stamp and a receiver identification are transmitted, as well as a digital signature, which is formed by the time stamp and the receiver identification. In this situation, the receiver can check the correctness of the time stamp, as well as, by the public key of the transmitter, the correctness of the signature.
In the printed specification U.S. Pat. No. 7,278,582 B1, a hardware security module in the form of a chip card is described.